ZTP Boot Process with CloudVision

 
 

Platforms:

EOS Switch Versions 4.17.3F and above

CloudVision Versions 2018, 2019, 2020

Summary:

Zero Touch Provisioning (ZTP) is available on all Arista switches and is enabled by default or after a factory reset. CloudVision (CVP), Arista’s configuration management and streaming telemetry tool, comes with ZTP installed. The combination of ZTP and CVP provides a simple workflow to onboard new switches into your environment.

Prerequisites

  • CloudVision installed and running
  • DHCP Service providing Option 67 Bootstrap information
  • Switch in Factory Default mode (ZTP enabled)
  • Network Reachability between Switch and CVP ZTP Server

Example Setup

In this setup, the CloudVision ZTP service and the switch are on different IP subnets, 192.168.1.0/24 and 10.1.1.0/24 respectively. A Palo Alto FW acts as both a layer 3 routing device and a DHCP server, providing DHCP option 67, which points to the location of the boot file. Any L3 routing device and DHCP server could be used. The switch is connected to the network with its management port (Ma1).

The Option 67 bootstrap URL is: http://192.168.1.248/ztp/bootstrap

 

ZTP Boot Process Summary

  1. Connect the factory-defaulted switch to the network with any port (all ports are routed when in ZTP mode).
  2. The switch boots up and receives a DHCP IP address with an Option 67 bootstrap parameter.
  3. The switch makes a connection to the ZTP service to download its initial base configuration.
  4. CloudVision registers the switch and places it into the ‘Undefined’ container. See device ‘sw-10.1.1.65’ below.
  5. Move the device to its final container and apply the desired configlets.

ZTP Boot Process Details

From the Switch’s console, the following output is seen during the ZTP boot process:

localhost login: Apr 19 23:36:32 localhost Rib: Commence routing updates
Apr 19 23:36:54 localhost ZeroTouch: %ZTP-6-INIT: No startup-config found, starting Zero Touch Provisioning
Apr 19 23:36:55 localhost ZeroTouch: %ZTP-6-INIT: No startup-config found, starting Zero Touch Provisioning
Apr 19 23:37:27 localhost ZeroTouch: %ZTP-6-DHCPv4_QUERY: Sending DHCPv4 request on  [ Ethernet1, Management1 ]
Apr 19 23:37:28 localhost ZeroTouch: %ZTP-6-DHCPv4_SUCCESS: DHCPv4 response received on Management1  [ Ip Address: 10.1.1.65/24/24; Nameserver: 192.168.1.246; Nameserver: 8.8.8.8; Domain: thielnet.com; Gateway: 10.1.1.1; Boot File: http://192.168.1.248/ztp/bootstrap ]
Apr 19 23:37:33 localhost ZeroTouch: %ZTP-6-CONFIG_DOWNLOAD: Attempting to download the startup-config from http://192.168.1.248/ztp/bootstrap
Apr 19 23:37:33 localhost ZeroTouch: %ZTP-6-CONFIG_DOWNLOAD_SUCCESS: Successfully downloaded config script from http://192.168.1.248/ztp/bootstrap
Apr 19 23:37:33 localhost ZeroTouch: %ZTP-6-EXEC_SCRIPT: Executing the downloaded config script
Apr 19 23:37:34 localhost cvpNotifyIntvl = 60
Apr 19 23:37:34 localhost configPollIntvl = 2
Apr 19 23:37:34 localhost cvpUrl = https://192.168.1.248/cvpservice/services/ztp/config
Apr 19 23:37:34 localhost cvpUser = cvptemp
Apr 19 23:37:34 localhost Removing temporary files
Apr 19 23:37:34 localhost ['10.1.1.65']
Apr 19 23:37:35 localhost hostname sw-10.1.1.65 ipAddrs ['10.1.1.65']
Apr 19 23:37:35 localhost Applying Base EOS configuration
Apr 19 23:37:37 sw-10 TerminAttr version is valid. Skipping upgrade
Apr 19 23:37:37 sw-10 status code=7 msg=EOS running newer version of terminAttr than defaultterminAttr version, current version is valid
Apr 19 23:37:38 sw-10 waiting for Eos configuration
Apr 19 23:37:38 sw-10 Sending request to https://192.168.1.248/cvpservice/services/ztp/config [0]
Apr 19 23:37:42 sw-10 status code=11 msg=Successfully requested CVP for config
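
An added example, not part of the original article: a Python check over the console output above that confirms the switch took its bootstrap and CVP URLs from the intended server and reports any URL not fetched over HTTPS. The expected host comes from this setup; the function names and pattern keys are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: three lines copied from the console output above.
SAMPLE_LOG = """\
Apr 19 23:37:28 localhost ZeroTouch: %ZTP-6-DHCPv4_SUCCESS: DHCPv4 response received on Management1  [ Ip Address: 10.1.1.65/24/24; Nameserver: 192.168.1.246; Nameserver: 8.8.8.8; Domain: thielnet.com; Gateway: 10.1.1.1; Boot File: http://192.168.1.248/ztp/bootstrap ]
Apr 19 23:37:33 localhost ZeroTouch: %ZTP-6-CONFIG_DOWNLOAD_SUCCESS: Successfully downloaded config script from http://192.168.1.248/ztp/bootstrap
Apr 19 23:37:34 localhost cvpUrl = https://192.168.1.248/cvpservice/services/ztp/config
"""

# Assumption: the only ZTP/CVP server expected in this setup.
EXPECTED_HOSTS = {"192.168.1.248"}

# Console messages that carry a URL the switch was given or actually used.
PATTERNS = {
    "dhcp_boot_file": re.compile(r"%ZTP-6-DHCPv4_SUCCESS:.*Boot File: (\S+)"),
    "download": re.compile(r"%ZTP-6-CONFIG_DOWNLOAD_SUCCESS:.* from (\S+)"),
    "cvp_url": re.compile(r"\bcvpUrl = (\S+)"),
}

def extract_urls(log_text):
    """Return [(field, url)] for every ZTP URL found in the console log."""
    found = []
    for line in log_text.splitlines():
        for field, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                found.append((field, match.group(1)))
    return found

def check_ztp_log(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return findings: missing DHCP boot file, unexpected hosts, non-HTTPS URLs."""
    urls = extract_urls(log_text)
    findings = []
    if not any(field == "dhcp_boot_file" for field, _ in urls):
        findings.append("no DHCPv4_SUCCESS line with a Boot File was seen")
    for field, url in urls:
        parts = urlsplit(url)
        if parts.hostname not in expected_hosts:
            findings.append(f"{field}: unexpected host {parts.hostname} ({url})")
        if parts.scheme != "https":
            findings.append(f"{field}: not HTTPS ({url})")
    return findings
```

On the article's own log, the check reports the two `http://` bootstrap URLs and no unexpected hosts.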

 

ZTP Switch Configuration

After the switch completes the ZTP boot process, it will have an initial configuration that includes the following items:

  • TerminAttr configuration – Streaming Telemetry Agent
  • Temporary username ‘cvptemp’
  • All ports in routed mode while ZTP is enabled.  (Ports default back to L2 mode after ZTP is finished)
  • Management API enabled
  • IP Address assigned to connected port
  • Default Route

Sample ZTP Configuration

Below is the running-config of a switch that booted up with ZTP.

sw-10.1.1.65#sh run
! Command: show running-config
! device: sw-10.1.1.65 (DCS-7050SX-64, EOS-4.22.4M)
!
! boot system flash:/EOS-4.22.4M.swi
!
service configuration session max pending 10
!
daemon TerminAttr
   exec /usr/bin/TerminAttr -ingestgrpcurl=192.168.1.248:9910 -cvcompression=gzip -taillogs -ingestauth=key,magickey -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata -ingestexclude=/Sysdb/cell/1/agent,/Sysdb/cell/2/agent
   no shutdown
!
switchport default mode routed
!
! <... logging levels omitted ...>
!
hostname sw-10.1.1.65
ip name-server vrf default 192.168.1.246
dns domain example.com
!
spanning-tree mode mstp
!
no aaa root
!
username cvptemp privilege 15 secret sha512 $6$VsAvo725ou/Q6MMz$X4fzzc06.NfxwI0gFzyGYYKk.ubvb16mYAvkZao/dWqT79wCD3NpuCH9f4nn/.fMi.D6X7ZiDZ3fxUIOkCXY1/
!
interface Ethernet1-48
   speed forced 10000full
   no switchport
   ipv6 enable
   ipv6 address auto-config
   ipv6 nd ra rx accept default-route
!
interface Management1
   ip address 10.1.1.65/24
   ipv6 enable
   ipv6 address auto-config
   ipv6 nd ra rx accept default-route
!
ip route 0.0.0.0/0 10.1.1.1
!
no ip routing
!
control-plane
   no service-policy input copp-system-policy
!
banner login
No startup-config was found.
The device is in Zero Touch Provisioning mode and is attempting to 
download the startup-config from a remote system. The device will not  
be fully functional until either a valid startup-config is downloaded 
from a remote system or Zero Touch Provisioning is cancelled.
To cancel Zero Touch Provisioning, login as admin and type 
'zerotouch cancel' at the CLI. Alternatively, to disable Zero Touch  
Provisioning permanently, type 'zerotouch disable' at the CLI.  
Note: The device will reload when these commands are issued. 
EOF
!
management api http-commands
   no shutdown
!

At this point the switch is booted with a temporary configuration and is ready to be provisioned. You may now move this device to the final container and apply configlets as desired. A task will be created in CVP to move the device, and it needs to be executed. When the task is executed, the switch reboots one last time, disabling ZTP mode, and the final configuration is applied to the device.
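
An added example, not part of the original article: a Python check that reports which of the ZTP-time items listed above (the temporary `cvptemp` user, `switchport default mode routed`, the ZTP login banner) are still present in a saved running-config, for use after the move task has run. It assumes the final configlets do not deliberately re-add these items; the function names are hypothetical.

```python
# Constructed sample: excerpt of the running-config above, hash replaced by a placeholder.
SAMPLE_CONFIG = """\
daemon TerminAttr
   exec /usr/bin/TerminAttr -ingestgrpcurl=192.168.1.248:9910 -ingestauth=key,magickey
!
switchport default mode routed
!
username cvptemp privilege 15 secret sha512 <hash-placeholder>
!
banner login
No startup-config was found.
The device is in Zero Touch Provisioning mode and is attempting to
EOF
!
"""

def parse_stanzas(config):
    """Map each top-level command to its body lines; banner text runs until EOF."""
    stanzas, current, in_banner = {}, None, False
    for raw in config.splitlines():
        line = raw.rstrip()
        if in_banner:
            # Banner text is not indented, so it must not be read as commands.
            if line == "EOF":
                in_banner = False
            else:
                stanzas[current].append(line)
        elif not line or line.startswith("!"):
            continue
        elif raw[0].isspace():
            if current is not None:
                stanzas[current].append(line.strip())
        else:
            current = line
            stanzas[current] = []
            in_banner = line.startswith("banner ")
    return stanzas

def ztp_residue(config):
    """Return the ZTP-time items from the article that are still in the config."""
    stanzas = parse_stanzas(config)
    found = []
    if any(cmd.split()[:2] == ["username", "cvptemp"] for cmd in stanzas):
        found.append("temporary user cvptemp")
    if "switchport default mode routed" in stanzas:
        found.append("switchport default mode routed")
    banner = [l for cmd, body in stanzas.items() if cmd.startswith("banner ") for l in body]
    if any("Zero Touch Provisioning mode" in l for l in banner):
        found.append("ZTP login banner")
    return found
```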

Note

Should you need to revert to ZTP mode, you have two options. From Network Provisioning within CVP, you can reset the device.

Alternatively, you can remove two files on flash (startup-config and zerotouch-config) and then reload the switch:

delete flash:startup-config
delete flash:zerotouch-config
reload now

Once the device reboots, ZTP will be re-enabled and the device will start the process from the beginning.

 
